Magnetic card stripe spoofer

This hodge-podge of components is capable of spoofing the magnetic stripe on a credit card. [Sk3tch] built an electromagnet using a ferrous metal shim wrapped in enameled magnet wire. While he was doing the windings [Sk3tch] connected his multimeter to the metal shim and one end of the wire, setting it to test continuity. This way, if he accidentally scraps the enamel coating and grounds the wire on the metal the meter will sound and alarm and he’ll know about the short immediately. An Arduino takes over from here, actuating the coil to simulate the different data sections of a magnetic stripe.

From his schematic we see that the electromagnet is directly connected to two pins of the Arduino. We haven’t looked into the code but is seems there should be either some current limiting, or the use of a transistor to protect the microcontroller pins (we could be wrong about this).

[Sk3tch’s] realization of this spoofer can be made quickly with just a few parts. Card data must be written in the code and flashed to the Arduino. If you want to see what a more feature-rich version would entail take a look at this spoofer that has a keypad for changing data on the go.

Rather than setting up some sort of alarm to detect if the enamel was scrapped off on the metal shim, why not just insulate the metal shim with some electrical tape? That wouldn’t effect the electromagnet.

Having worked extensively on this protocol for an independent study, there is no way to spoof all 3 tracks using just one coil. That being said spoofing a single track is usually sufficient for access systems, membership cards, etc… Basically anything not in the financial sector.

@hackaday
Shame on you for not reviewing you past postings. This project is a derivative work based on several projects already covered by this site. Its also a damn shotty implementation. The code is terrible. Most importantly, this guy is driving a very inductive load straight from the digital pins of an avr. Frankly I’m surprised that works at all and it will eventually destroy the arduino. To anyone looking to duplicate this please use a transistor and a flywheel diode.

note: I know I’m being critical but that’s only because this is a derivative work. More to the point, its a derivative work that’s significantly lower quality than the project being copied.

Wow, is that ever a lovely dirty hack. Something inside me says it’s still cool though. Dirty code, no back EMI protection, etc. Something Macgyver would come up with for a single use or something like that. Nothing like a 10 minute hack for a 10 minute job.

If this were something built out of garbage by a homeless man to spoof door access cards so he could find a place to sleep or something…then I’d be really impressed. Or if it were built in a post-apocalyptic wasteland. But outside that context, this is….not very well done.

No protection diodes or isolators, driving an inductive load directly from the AVR pins, the coiling and soldering both look shoddy, and the whole thing is just zip-tied together? I think it’s pretty telling that HaD thought it was worth writing about how he used the continuity test function on his meter while assembling the coil…because everything else in the project shows zero foresight.

Interesting side note. For those without an H-bridge this can be done without reversing the polarity of the coil. Due to the properties of the current stored in the inductor you can treat a 1 as on and a 0 as off. The act of disconnecting the inductor generates enough of a induced current in the opposite direction to provide the necessary flux reversal for the reader to register a 0. This lowers the part count to 1 transistor and 1 diode or 1 mosfet with integrated diodes (my preference).

I am not sure why we are all concerned about this guys Arduino? You know it is missing the H bridge, so don’t replicate what he did. This site is not named Engineering a Day, it is Hack a Day, and some hacks are dirty and some are not.
I think it is not the HAD’s standards is the problem, I think the audience got a little bit picky and elitist.

I agree that the audience here is usually picky and elitist, usually too much so, but it would be good for HaD to say clearly “this guy is going to blow up his arduino, DON’T DO THIS” for the people who may not have as much experience as others and would just try it as depicted. I don’t have a problem with really dirty hacks being posted as long as the editors explain why they might not be a great idea to duplicate on your own — they can even be a learning experience that way.

(The wishy-washy “we could be wrong about this” isn’t needed…it’s obviously bad practice to drive any powerful load directly from the i/o pins and it only costs like a nickel of parts to keep everything safe, so there’s really no excuse).

@macw, this is a useful tip for those people wanting to wind their own coils for other applications (i.e. small HV generators and fluorescent/EL drivers) as it allows the fault to be rectified before it ruins hours of hard work.

Winding coils always requires extreme insulation on the core, and kink free, damage free winding.
Tension control too, because it builds up too much pressure at the core.
If you expect something might fail, just do the right thing. Just because it works does not mean it’s working
Probability says if the wire might short out while winding, then it surely will at more points than one later! All that pressure bears down on any defect and onto the sharp edges of the core.

It’s sort of interesting that many chips have internal protection but us being scared causes us to add protection on top of it.
Obviously you get reverse current but the power coming from the raw pin isn’t that high to start with nor is the coil and metal that bulky, so perhaps that means extensive protection is less important.
And it’s using PWM pins right? Does that mean it’s using PWM and that limits the return force since the field collapses all the time with not enough time to build up a coherent return?

Maybe somebody needs to make one of those ‘how long until it fails’ project from this concept :)

And this project also nicely works to explain the concept by not having protection, so it has some merit based on that I guess.

I think inbuilt diodes are only usually designed for ESD discharges – picking up the device with your hands etc. Early CMOS IC’s (4000 series before the B designator) had no such diodes and could be destroyed very easily.

Would be interesting to see how tough these IO pins are though – that said I have really abused some 18F PIC’s, and they just keep going.